Session Compact

This package appears to implement the session-compaction feature it advertises, but there are a few red flags to check before installing: - Packaging mismatch: the registry lists no install spec, yet the bundle contains a buildable code plugin (TypeScript, bin script, openclaw.plugin.json). Confirm whether you intend to run the code plugin (it requires building and copying into ~/.openclaw/extensions). - Exec/CLI LLM calls: the implementation notes use of execSync to call the OpenClaw CLI for LLM summaries. That is convenient but increases risk (shell invocation, reliance on host CLI config). Inspect the built dist/index.js (or source) for exec/child_process usage and ensure arguments are properly escaped or, ideally, prefer a direct API integration. - File writes & config edits: the plugin will persist JSON sessions under ~/.openclaw/sessions and expects changes to ~/.openclaw/openclaw.json. Back up your OpenClaw config and existing sessions before enabling. - Source provenance: the package lists no homepage and the repository URLs in docs point to GitHub placeholders. If you plan to install, verify the source repository, review the built JS to ensure no hidden network calls or obfuscated code, and prefer installing via the official ClawHub/marketplace rather than manual cloning when possible. - Inconsistent docs: different files claim different coverage/version numbers and at least one doc notes the plugin previously triggered platform security intercepts (execSync usage). Treat these as signs to audit the code rather than immediate red flags. If you are not comfortable auditing the code yourself, ask the maintainer for a signed release on the official registry (ClawHub) or request an upstream review that addresses the execSync usage and clarifies packaging/installation instructions.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.